From: Will M. <wil...@gm...> - 2004-10-07 03:06:24
Michael,

I wouldn't say that one is better than the other, or that one misses things that the other doesn't. snort_inline is essentially just a patch to mainline snort to allow us to leverage userspace queueing via iptables to analyze and perform IPS functionality using the snort detection engine and signature database. I think Rob said it best: "Think of this as an Intrusion Prevention System (IPS) that uses existing Intrusion Detection System (IDS) signatures to make decisions on packets that traverse snort_inline."

BTW snort_inline users, Victor and I are developing a sticky-drop preprocessor/detection plug-in hybrid. When we are finished you will be able to use the preproc and the snort rule language to set up blocks for set periods of time. An example would be to drop all traffic from an attacker that has triggered a portscan alert for the next 10 minutes. Things of that nature.

If there is anything else you guys want to see in snort_inline please let me know.

Regards,
Will

On Wed, 06 Oct 2004 17:29:43 -0400, Michael Penland <mpe...@ho...> wrote:
> All,
>
> snort and snort_inline.
>
> Should I run both ?
> Is it true that snort catches things that inline doesn't and (vice versa).
> I see the HoneyNet project runs both.
> Just wanted to clear the discrepancy.
>
> Thanks,
> MGP
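The timed block described in the message above (drop a source for 10 minutes after it triggers a portscan alert) can be sketched as follows. This is an added illustration, not part of the original message and not snort_inline code; the class, function names, event format and sample addresses are all hypothetical and constructed for the example.

```python
# Added illustration: hypothetical names throughout, not snort_inline code.
from dataclasses import dataclass, field

BLOCK_SECONDS = 600  # the "next 10 minutes" from the message


@dataclass
class StickyDropTable:
    """Maps a source IP to the time (in seconds) at which its block expires."""
    expires: dict = field(default_factory=dict)

    def on_alert(self, src, now, duration=BLOCK_SECONDS):
        # A repeat alert can extend a block but never shortens one already set.
        self.expires[src] = max(self.expires.get(src, 0), now + duration)

    def verdict(self, src, now):
        until = self.expires.get(src)
        if until is None:
            return "ACCEPT"
        if now >= until:
            del self.expires[src]  # expired entry is removed on next lookup
            return "ACCEPT"
        return "DROP"


# Constructed sample events: (time in seconds, kind, source IP).
EVENTS = [
    (0,   "packet",         "192.0.2.10"),
    (5,   "portscan_alert", "192.0.2.10"),
    (6,   "packet",         "192.0.2.10"),
    (6,   "packet",         "198.51.100.7"),
    (300, "packet",         "192.0.2.10"),
    (604, "packet",         "192.0.2.10"),
    (605, "packet",         "192.0.2.10"),
]


def replay(events):
    """Feed alerts into the table and return the verdict for every packet."""
    table, out = StickyDropTable(), []
    for ts, kind, src in events:
        if kind == "portscan_alert":
            table.on_alert(src, ts)
        else:
            out.append((ts, src, table.verdict(src, ts)))
    return out


if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```

Only the alerting source is dropped, and the block lapses on its own once the window has passed, so an unrelated host seen at the same moment is unaffected.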